Link to home
Start Free TrialLog in
Avatar of Tacobell2000
Tacobell2000Flag for Canada

asked on

dns errors show up in the event log: nx domain


Hello,

On 1 domain controller running Windows 2003 sp2 the event log is full of dns errors Event Id:7050. I enabled dns logging on the server and found this:

20080722 07:05:27 B8C PACKET  UDP Rcv 72.29.224.33    3b60 R Q [8081   DR  NOERROR] (6)bounce(4)geni(3)com(0)

20080722 07:05:27 B8C PACKET  UDP Snd 10.1.0.0     6222 R Q [8081   DR  NOERROR] (6)bounce(4)geni(3)com(0)

20080722 07:05:27 F6C PACKET  UDP Rcv  10.1.0.0    a384   Q [0001   D   NOERROR] (6)bounce(4)geni(3)com(0)

20080722 07:05:27 F6C PACKET  UDP Snd 72.29.224.33    136d   Q [0001   D   NOERROR] (6)bounce(
20080722 07:05:27 2E4 PACKET  UDP Snd 72.29.224.49    2b5a   Q [0001   D   NOERROR] (14)tastyhottreats(3)com(0)

20080722 07:05:27 F6C PACKET  UDP Rcv 72.29.224.49    2b5a R Q [8083  TDR  NOERROR] (14)tastyhottreats(3)com(0)

20080722 07:05:27 B8C PACKET  UDP Rcv 72.29.224.33    136d R Q [8081   DR  NOERROR] (6)bounce(4)geni(3)com(0)

20080722 07:05:27 B8C PACKET  UDP Snd  10.1.0.0      a384 R Q [8081   DR  NOERROR] (6)bounce(4)geni(3)com(0)

20080722 07:05:27 B8C PACKET  UDP Rcv  10.1.0.0      21dd   Q [0001   D   NOERROR] (2)23(2)87(2)78(3)208(2)bl(7)spamcop(3)net(0)

20080722 07:05:27 B8C PACKET  UDP Snd 72.29.224.33    0b74   Q [0001   D   NOERROR] (2)23(2)87(2)78(3)208(2)bl(7)spamcop(3)net(0)

20080722 07:05:27 2BC PACKET  TCP Snd 72.29.224.49    2b5a   Q [0001   D   NOERROR] (14)tastyhottreats(3)com(0)

20080722 07:05:27 2BC EVENT   The DNS server recv() function failed.
The event data contains the error.
20080722 07:05:27 B8C PACKET  UDP Rcv 72.29.224.33    0b74 R Q [8381   DR NXDOMAIN] (2)23(2)87(2)78(3)208(2)bl(7)spamcop(3)net(0)

20080722 07:05:27 B8C PACKET  UDP Snd  10.1.0.0      21dd R Q [8381   DR NXDOMAIN] (2)23(2)87(2)78(3)208(2)bl(7)spamcop(3)net(0)

20080722 07:05:27 B8C PACKET  UDP Rcv  10.1.0.0      21dd   Q [0001   D   NOERROR] (2)23(2)87(2)78(3)208(7)sbl-xbl(8)spamhaus(3)org(0)

20080722 07:05:27 B8C PACKET  UDP Snd 72.29.224.33    1b78   Q [0001   D   NOERROR] (2)23(2)87(2)78(3)208(7)sbl-xbl(8)spamhaus(3)org(0)

The error in the event log shows that it happened at 07:05:27.
I have no idea how to interpret the above.

please help,

Tacobell2000
Avatar of dalesit
dalesit
This looks to me like you have some sort of anti-spam DNS blackhole querying going on.

When an inbound email arrives, the sender and/or urls listed in the email are checked against realtime blacklists. In this case it looks like bl.spamcop.net and sbl-xbl.spamhaus.org.

Cheers,

Joel
Avatar of Tacobell2000
Tacobell2000
Flag of Canada image

ASKER

yes....but do you think this is generating the DNS errors?

Tacobell2000
ASKER CERTIFIED SOLUTION
Avatar of dalesit
dalesit
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Tacobell2000
Tacobell2000
Flag of Canada image

ASKER

thanks.